<?php
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 * Description of JYFilterUtils
 *
 */
class JYFilterUtils {
    public static function filterText($str, $dirtyfilter=true) {
        $str = trim ( $str );
        $str = preg_replace('/[\a\f\e\0\x0B]/is', "", $str);
        //过滤任何空白字符
        $filter = false;
        if($filter) {
            $str = preg_replace ('/\S/is', "", $str);
        }
        $str = htmlspecialchars ( $str, ENT_QUOTES );
        $str = self::filterTag ( $str );
        $str = self::filterCommon ( $str );
        // 去掉：脏字过滤
        return $str;
    }

    /**
     * Forbid the attack of XXS
     *
     * @param string $str  the formated string
     * @return string
     */
    public static function filterTag($str) {
        $str = str_ireplace ( "javascript", "j&#097;v&#097;script", $str );
        $str = str_ireplace ( "alert", "&#097;lert", $str );
        $str = str_ireplace ( "about:", "&#097;bout:", $str );
        $str = str_ireplace ( "onmouseover", "&#111;nmouseover", $str );
        $str = str_ireplace ( "onclick", "&#111;nclick", $str );
        $str = str_ireplace ( "onload", "&#111;nload", $str );
        $str = str_ireplace ( "onsubmit", "&#111;nsubmit", $str );
        $str = str_ireplace ( "<script", "&#60;script", $str );
        $str = str_ireplace ( "onerror", "&#111;nerror", $str );
        $str = str_ireplace ( "document.", "&#100;ocument.", $str );

        return $str;
    }

    /**
     * Transfer the special string to the common string
     *
     * @param  string $str           the original string
     * @return string $str           the filtered string
     */
    public static function filterCommon($str) {
        $str = str_replace ( "&#032;", " ", $str );
        $str = preg_replace ( "/\\\$/", "&#036;", $str );
        $str = stripslashes ( $str );
        return $str;
    }

	//取消对特殊字符的处理
	function unfilterText($str){     
		//return $str;
		$str = str_ireplace("&amp;", "&", $str);
		
        $str = addslashes ( $str );
		$str = preg_replace (  "/&#036;/","\\$", $str );
		
		$str = str_ireplace ( "&#100;ocument.", "document.", $str );
		$str = str_ireplace ( "&#111;nerror","onerror",  $str );
		$str = str_ireplace (  "&#60;script","<script", $str );
		$str = str_ireplace ( "&#111;nsubmit","onsubmit",  $str );
		$str = str_ireplace ( "&#111;nload","onload",  $str );
		$str = str_ireplace ( "&#111;nclick", "onclick", $str );
		$str = str_ireplace ( "&#111;nmouseover", "onmouseover", $str );
		$str = str_ireplace ("&#097;bout:",  "about:", $str );
		$str = str_ireplace ( "&#097;lert", "alert", $str );
	
		$str = str_ireplace ( "j&#097;v&#097;script","javascript",  $str );
     		
		$str = htmlspecialchars_decode ( $str, ENT_QUOTES );
		$str = str_ireplace("&nbsp;", " ", $str);
		return $str;
	}
}